PT-2021-11663 · D Link · D-Link Router Dir-895L

Published

2021-06-04

Updated

2021-06-10

CVE-2020-29324

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: DLink Router DIR-895L MFC version 1.21b05

Description: The issue allows an unauthenticated attacker to gain access to the firmware and extract sensitive data through credentials disclosure in the telnet service. This is possible by decompiling the firmware.

Recommendations: For DLink Router DIR-895L MFC version 1.21b05, consider disabling the telnet service as a temporary workaround until a patch is available. Restrict access to the firmware to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2020-29324

Affected Products

D-Link Router Dir-895L

PT-2021-11663 · D Link · D-Link Router Dir-895L

CVE-2020-29324

Weakness Enumeration

Related Identifiers

Affected Products

References · 4